diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml index dd08f2c..dbbb834 100644 --- a/.github/workflows/build-machines-and-homes.yml +++ b/.github/workflows/build-machines-and-homes.yml @@ -3,12 +3,16 @@ on: workflow_dispatch: push: pull_request: - env: + ATTIC_TOKEN: ${{ secrets.ATTIC_TOKEN }} + NIX_CONFIG: | + show-trace = true + extra-substituters = https://cache.cy7.sh/main + extra-trusted-public-keys = main:Ku31HoEWcBtfggge2VGj+QTkVrQuIwRIMGyfV/5VQP0= + experimental-features = nix-command flakes + extra-experimental-features = nix-command flakes + accept-flake-config = true TERM: ansi - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets. AWS_SECRET_ACCESS_KEY }} - jobs: build-machines: strategy: @@ -20,7 +24,6 @@ jobs: os: - ubuntu-latest runs-on: ${{ matrix.os }} - steps: - name: Maximize build disk space uses: easimon/maximize-build-space@v10 @@ -33,59 +36,44 @@ jobs: remove-codeql: 'true' remove-docker-images: 'true' build-mount-path: /nix - - - name: setup binary cache key - run: echo "${{ secrets.NIX_CACHE_SECRET_KEY }}" >> /home/runner/cache-priv-key.pem - - name: Install Nix - uses: cachix/install-nix-action@v30 - with: - enable_kvm: true - extra_nix_config: | - show-trace = true - experimental-features = nix-command flakes - accept-flake-config = true - system-features = nixos-test benchmark big-parallel kvm - secret-key-files = /home/runner/cache-priv-key.pem - extra-substituters = https://nixcache.cy7.sh - extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8= - - - name: Install Lix - run: | - sudo --preserve-env=PATH $(which nix) run \ - --experimental-features "nix-command flakes" \ - --extra-substituters https://cache.lix.systems --extra-trusted-public-keys "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=" \ - 'git+https://git.lix.systems/lix-project/lix?ref=refs/tags/2.92.0' -- \ - upgrade-nix \ - --extra-substituters https://cache.lix.systems --extra-trusted-public-keys "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=" - nix --version - + uses: nixbuild/nix-quick-install-action@master - name: Sync repository uses: actions/checkout@v4 with: persist-credentials: false - + - name: Restore and cache Nix store + uses: nix-community/cache-nix-action@v5.1.0 + with: + # restore and save a cache using this key + primary-key: nix-${{ runner.os }}-${{ matrix.machine }}-${{ hashFiles('**/*.nix', 'flake.lock') }} + # if there's no cache hit, restore a cache by this prefix + restore-prefixes-first-match: nix-${{ runner.os }}-${{ matrix.machine }}- + # do purge caches + purge: true + # purge all versions of the cache + purge-prefixes: nix-${{ runner.os }}- + # created more than this number of seconds ago relative to the start of the `Post Restore` phase + purge-last-accessed: 86400 + # except the version with the `primary-key`, if it exists + purge-primary-key: never + # always save the cache + save-always: true + - name: setup attic + run: | + nix profile install github:zhaofengli/attic + attic login cy7 https://cache.cy7.sh "$ATTIC_TOKEN" - name: build run: | package=".#nixosConfigurations."${{ matrix.machine }}".config.system.build.toplevel" nix build -L "$package" - - name: cache - # https://stackoverflow.com/a/58859404 - if: '!cancelled()' + if: always() run: | package=".#nixosConfigurations."${{ matrix.machine }}".config.system.build.toplevel" - derivations=() - while IFS=$'\n' read derivation; do - derivations+=("$derivation") - done < <(nix path-info --derivation "$package" | sed 's/\.drv$/.drv^*/') - - for derivation in "${derivations[@]}"; do - nix copy -j8 \ - --to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem' \ - $(nix-store --query --requisites --include-outputs "$derivation") - done - + derivation="$(nix path-info --derivation "$package")" + cache="$(nix-store --query --requisites --include-outputs "$derivation")" + xargs attic push main <<< "$cache" build-homes: strategy: fail-fast: false @@ -97,7 +85,6 @@ jobs: - ubuntu-latest # - macos-latest runs-on: ${{ matrix.os }} - steps: - name: Maximize build disk space uses: easimon/maximize-build-space@v10 @@ -110,55 +97,40 @@ jobs: remove-codeql: 'true' remove-docker-images: 'true' build-mount-path: /nix - - - name: setup binary cache key - run: echo "${{ secrets.NIX_CACHE_SECRET_KEY }}" >> /home/runner/cache-priv-key.pem - - - name: Install Nix - uses: cachix/install-nix-action@v30 - with: - enable_kvm: true - extra_nix_config: | - show-trace = true - experimental-features = nix-command flakes - accept-flake-config = true - system-features = nixos-test benchmark big-parallel kvm - secret-key-files = /home/runner/cache-priv-key.pem - extra-substituters = https://nixcache.cy7.sh - extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8= - - - name: Install Lix - run: | - sudo --preserve-env=PATH $(which nix) run \ - --experimental-features "nix-command flakes" \ - --extra-substituters https://cache.lix.systems --extra-trusted-public-keys "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=" \ - 'git+https://git.lix.systems/lix-project/lix?ref=refs/tags/2.92.0' -- \ - upgrade-nix \ - --extra-substituters https://cache.lix.systems --extra-trusted-public-keys "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=" - nix --version - + - uses: nixbuild/nix-quick-install-action@master - name: Sync repository uses: actions/checkout@v4 with: persist-credentials: false - + - name: Restore and cache Nix store + uses: nix-community/cache-nix-action@v5.1.0 + with: + # restore and save a cache using this key + primary-key: nix-${{ runner.os }}-${{ matrix.home }}-${{ hashFiles('**/*.nix', 'flake.lock') }} + # if there's no cache hit, restore a cache by this prefix + restore-prefixes-first-match: nix-${{ runner.os }}-${{ matrix.home }}- + # do purge caches + purge: true + # purge all versions of the cache + purge-prefixes: nix-${{ runner.os }}- + # created more than this number of seconds ago relative to the start of the `Post Restore` phase + purge-last-accessed: 86400 + # except the version with the `primary-key`, if it exists + purge-primary-key: never + # always save the cache + save-always: true + - name: setup attic + run: | + nix profile install github:zhaofengli/attic + attic login cy7 https://cache.cy7.sh "$ATTIC_TOKEN" - name: build run: | package=".#homeConfigurations."${{ matrix.home }}".activationPackage" nix build -L "$package" - - name: cache - # https://stackoverflow.com/a/58859404 - if: '!cancelled()' + if: always() run: | package=".#homeConfigurations."${{ matrix.home }}".activationPackage" - derivations=() - while IFS=$'\n' read derivation; do - derivations+=("$derivation") - done < <(nix path-info --derivation "$package" | sed 's/\.drv$/.drv^*/') - - for derivation in "${derivations[@]}"; do - nix copy -j8 \ - --to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem' \ - $(nix-store --query --requisites --include-outputs "$derivation") - done + derivation="$(nix path-info --derivation "$package")" + cache="$(nix-store --query --requisites --include-outputs "$derivation")" + attic push main --stdin <<< "$cache" diff --git a/.github/workflows/build-packages.yml b/.github/workflows/build-packages.yml index 7ef9afb..872aa6d 100644 --- a/.github/workflows/build-packages.yml +++ b/.github/workflows/build-packages.yml @@ -6,12 +6,16 @@ on: description: "package to build" required: false type: string - env: + ATTIC_TOKEN: ${{ secrets.ATTIC_TOKEN }} + NIX_CONFIG: | + show-trace = true + extra-substituters = https://cache.cy7.sh/main + extra-trusted-public-keys = main:Ku31HoEWcBtfggge2VGj+QTkVrQuIwRIMGyfV/5VQP0= + experimental-features = nix-command flakes + extra-experimental-features = nix-command flakes + accept-flake-config = true TERM: ansi - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets. AWS_SECRET_ACCESS_KEY }} - jobs: build-packages: strategy: @@ -22,62 +26,29 @@ jobs: os: - ubuntu-latest - ubuntu-24.04-arm - # - macos-latest - # - macos-13 + - macos-latest + - macos-13 runs-on: ${{ matrix.os }} - steps: - - name: setup binary cache key - run: echo "${{ secrets.NIX_CACHE_SECRET_KEY }}" >> /home/runner/cache-priv-key.pem - - name: Install Nix uses: cachix/install-nix-action@v30 - with: - enable_kvm: true - extra_nix_config: | - show-trace = true - experimental-features = nix-command flakes - accept-flake-config = true - system-features = nixos-test benchmark big-parallel kvm - secret-key-files = /home/runner/cache-priv-key.pem - extra-substituters = https://nixcache.cy7.sh - extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8= - - - name: Install Lix - run: | - sudo --preserve-env=PATH $(which nix) run \ - --experimental-features "nix-command flakes" \ - --extra-substituters https://cache.lix.systems --extra-trusted-public-keys "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=" \ - 'git+https://git.lix.systems/lix-project/lix?ref=refs/tags/2.92.0' -- \ - upgrade-nix \ - --extra-substituters https://cache.lix.systems --extra-trusted-public-keys "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=" - nix --version - - name: Sync repository uses: actions/checkout@v4 with: persist-credentials: false - - - run: nix build -L ${{ matrix.package }} - - - name: cache result - # https://stackoverflow.com/a/58859404 - if: '!cancelled()' + - name: setup attic run: | - derivations=() - while IFS=$'\n' read derivation; do - derivations+=("$derivation") - done < <(nix path-info --derivation "${{ matrix.package }}" | sed 's/\.drv$/.drv^*/') - - for derivation in "${derivations[@]}"; do - nix copy -j8 \ - --to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem' \ - $(nix-store --query --requisites --include-outputs "$derivation") - done - + nix profile install github:zhaofengli/attic + attic login cy7 https://cache.cy7.sh "$ATTIC_TOKEN" + - run: nix build -L ${{ matrix.package }} + - name: cache result + if: always() + run: | + derivation="$(nix path-info --derivation "${{ matrix.package }}")" + cache="$(nix-store --query --requisites --include-outputs "$derivation")" + xargs attic push main <<< "$cache" - name: prepare tarball to upload run: nix run github:nixos/nixpkgs#gnutar hcvf result.tar result - - name: upload result uses: actions/upload-artifact@v4 with: diff --git a/.github/workflows/update-flake-lock.yml b/.github/workflows/update-flake-lock.yml index 248b096..59006f6 100644 --- a/.github/workflows/update-flake-lock.yml +++ b/.github/workflows/update-flake-lock.yml @@ -14,5 +14,7 @@ jobs: - uses: actions/checkout@v4 - name: Install Nix uses: cachix/install-nix-action@v30 + with: + github_access_token: ${{ secrets.GITHUB_TOKEN }} - name: Update flake.lock uses: DeterminateSystems/update-flake-lock@v24 diff --git a/.sops.yaml b/.sops.yaml index 9e9a860..cb7e65d 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -123,9 +123,3 @@ creation_rules: - age: - *chunk - *cy - - path_regex: secrets/cache-priv-key.pem - key_groups: - - age: - - *yt - - *cy - - *chunk diff --git a/flake.lock b/flake.lock index 20d9470..bd1a4e5 100644 --- a/flake.lock +++ b/flake.lock @@ -92,11 +92,11 @@ "complement": { "flake": false, "locked": { - "lastModified": 1741891349, - "narHash": "sha256-YvrzOWcX7DH1drp5SGa+E/fc7wN3hqFtPbqPjZpOu1Q=", + "lastModified": 1741378155, + "narHash": "sha256-rJSfqf3q4oWxcAwENtAowLZeCi8lktwKVH9XQvvZR64=", "owner": "girlbossceo", "repo": "complement", - "rev": "e587b3df569cba411aeac7c20b6366d03c143745", + "rev": "1502a00d8551d0f6e8954a23e43868877c3e57d9", "type": "github" }, "original": { @@ -131,11 +131,11 @@ "rocksdb": "rocksdb" }, "locked": { - "lastModified": 1742266954, - "narHash": "sha256-PoVjZXR24r1WPyWWK+DZDAlVr4otn/BcxY7/jd8fehM=", + "lastModified": 1741642109, + "narHash": "sha256-vO66C3rCb4lz3NU012fZj8+5BaFGuOCq/BJqiOXpqSA=", "owner": "girlbossceo", "repo": "conduwuit", - "rev": "7bf92c8a3710eeff229bd86bc81a89daa94b66d5", + "rev": "c4b05e77f3dd66636e26b64f8f4852703816c399", "type": "github" }, "original": { @@ -146,11 +146,11 @@ }, "crane": { "locked": { - "lastModified": 1742317686, - "narHash": "sha256-ScJYnUykEDhYeCepoAWBbZWx2fpQ8ottyvOyGry7HqE=", + "lastModified": 1741481578, + "narHash": "sha256-JBTSyJFQdO3V8cgcL08VaBUByEU6P5kXbTJN6R0PFQo=", "owner": "ipetkov", "repo": "crane", - "rev": "66cb0013f9a99d710b167ad13cbd8cc4e64f2ddb", + "rev": "bb1c9567c43e4434f54e9481eb4b8e8e0d50f0b5", "type": "github" }, "original": { @@ -361,11 +361,11 @@ ] }, "locked": { - "lastModified": 1742243551, - "narHash": "sha256-hp2tKtJHW/vbiIT4hRhP8cfZEACAWZ92lCdaO9WEi2E=", + "lastModified": 1741360584, + "narHash": "sha256-5UkuvKllBRhU943imyc0jHDXQDVhIFx5WWUr3qrLEWQ=", "owner": "deuxfleurs-org", "repo": "garage", - "rev": "6906a4ff12838da2a74bdaeb7e7cd05cd1d69699", + "rev": "c96be1a9a8aa3b51075678888b80c2414ead2909", "type": "github" }, "original": { @@ -455,11 +455,11 @@ ] }, "locked": { - "lastModified": 1742305478, - "narHash": "sha256-iYCinzZnnUeCkZ031qGRwPdwRsqW6o9Y0MgGpA7Zva4=", + "lastModified": 1741701235, + "narHash": "sha256-gBlb8R9gnjUAT5XabJeel3C2iEUiBHx3+91651y3Sqo=", "owner": "nix-community", "repo": "home-manager", - "rev": "fb74bb76d94a6c55632376c931fc108131260ee9", + "rev": "c630dfa8abcc65984cc1e47fb25d4552c81dd37e", "type": "github" }, "original": { @@ -564,17 +564,29 @@ } }, "lix": { - "flake": false, + "inputs": { + "flake-compat": [ + "flake-compat" + ], + "nix2container": "nix2container", + "nixpkgs": [ + "nixpkgs" + ], + "nixpkgs-regression": "nixpkgs-regression", + "pre-commit-hooks": "pre-commit-hooks" + }, "locked": { - "lastModified": 1741888409, - "narHash": "sha256-gJ7QmlwsJ/QdwUjwTjifNo3v7OBQm2N6xa19l3mMWM4=", - "rev": "20edd45ae816c73504ddfb9c678756e003ceeafd", - "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/20edd45ae816c73504ddfb9c678756e003ceeafd.tar.gz?rev=20edd45ae816c73504ddfb9c678756e003ceeafd" + "lastModified": 1741700536, + "narHash": "sha256-0OJER7bI6UsCFnKfKdLtgjpOTNccbN3N1dDriP4XRwA=", + "ref": "refs/heads/main", + "rev": "be1491fa6aef638e0147b81ff172131d6db668d9", + "revCount": 17635, + "type": "git", + "url": "https://git.lix.systems/lix-project/lix" }, "original": { - "type": "tarball", - "url": "https://git.lix.systems/lix-project/lix/archive/main.tar.gz" + "type": "git", + "url": "https://git.lix.systems/lix-project/lix" } }, "lix-module": { @@ -583,17 +595,19 @@ "flake-utils" ], "flakey-profile": "flakey-profile", - "lix": "lix", + "lix": [ + "lix" + ], "nixpkgs": [ "nixpkgs" ] }, "locked": { - "lastModified": 1741894565, - "narHash": "sha256-2FD0NDJbEjUHloVrtEIms5miJsj1tvQCc/0YK5ambyc=", + "lastModified": 1738176840, + "narHash": "sha256-NG3IRvRs3u3btVCN861FqHvgOwqcNT/Oy6PBG86F5/E=", "ref": "refs/heads/main", - "rev": "a6da43f8193d9e329bba1795c42590c27966082e", - "revCount": 136, + "rev": "621aae0f3cceaffa6d73a4fb0f89c08d338d729e", + "revCount": 133, "type": "git", "url": "https://git.lix.systems/lix-project/nixos-module" }, @@ -713,11 +727,11 @@ ] }, "locked": { - "lastModified": 1742174123, - "narHash": "sha256-pDNzMoR6m1ZSJToZQ6XDTLVSdzIzmFl1b8Pc3f7iV6Y=", + "lastModified": 1741619381, + "narHash": "sha256-koZtlJRqi0/MD/AKd0KrXLA2NuBOVzlIyAJprjzpxZE=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "2cfb4e1ca32f59dd2811d7a6dd5d4d1225f0955c", + "rev": "66537fb185462ba9b07f4e6f2d54894a1b2d04ab", "type": "github" }, "original": { @@ -733,11 +747,11 @@ ] }, "locked": { - "lastModified": 1742204505, - "narHash": "sha256-sHBzuG9K/VrvOrcLd9GwoCLaQZDVedi/00YmFfdKq/A=", + "lastModified": 1741597901, + "narHash": "sha256-nLUTgXXcFFz+3pd3Khz1H4jUECqX5+OapNPGioPJRQs=", "owner": "nix-community", "repo": "nix-ld", - "rev": "bc1ecb8ca83507c764a3909f02f1acf53c033585", + "rev": "8e0308dd7dd9cd3656866fb2387bc29052fd6d3a", "type": "github" }, "original": { @@ -746,6 +760,22 @@ "type": "github" } }, + "nix2container": { + "flake": false, + "locked": { + "lastModified": 1724996935, + "narHash": "sha256-njRK9vvZ1JJsP8oV2OgkBrpJhgQezI03S7gzskCcHos=", + "owner": "nlewo", + "repo": "nix2container", + "rev": "fa6bb0a1159f55d071ba99331355955ae30b3401", + "type": "github" + }, + "original": { + "owner": "nlewo", + "repo": "nix2container", + "type": "github" + } + }, "nixpkgs": { "locked": { "lastModified": 1730531603, @@ -762,6 +792,22 @@ "type": "github" } }, + "nixpkgs-regression": { + "locked": { + "lastModified": 1643052045, + "narHash": "sha256-uGJ0VXIhWKGXxkeNnq4TvV3CIOkUJ3PAoLZ3HMzNVMw=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2", + "type": "github" + } + }, "nixpkgs-stable": { "locked": { "lastModified": 1730741070, @@ -780,11 +826,11 @@ }, "nixpkgs-stable_2": { "locked": { - "lastModified": 1742268799, - "narHash": "sha256-IhnK4LhkBlf14/F8THvUy3xi/TxSQkp9hikfDZRD4Ic=", + "lastModified": 1741600792, + "narHash": "sha256-yfDy6chHcM7pXpMF4wycuuV+ILSTG486Z/vLx/Bdi6Y=", "owner": "nixos", "repo": "nixpkgs", - "rev": "da044451c6a70518db5b730fe277b70f494188f1", + "rev": "ebe2788eafd539477f83775ef93c3c7e244421d3", "type": "github" }, "original": { @@ -828,11 +874,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1742276595, - "narHash": "sha256-bsg9y3NoMGu0jgTI5XbxvzQFc9JtZB51i500WlVws80=", + "lastModified": 1741692589, + "narHash": "sha256-t1BrOTAUIkRY4YlSspERzz5iaFbzJTIE6mhLmnWrDaA=", "owner": "nixos", "repo": "nixpkgs", - "rev": "2b3795787eba0066a2bc8bba7362422e5713840f", + "rev": "a7010334ad6d8082bb8aa5dd2e37bf3b98b1a713", "type": "github" }, "original": { @@ -853,11 +899,11 @@ "nuschtosSearch": "nuschtosSearch" }, "locked": { - "lastModified": 1742255305, - "narHash": "sha256-XxygfriVXQt+5Iqh6AOjZL5Aes5dH2xzVKpHpL8pDQg=", + "lastModified": 1741637833, + "narHash": "sha256-1uBkdOwxNmkdXXjoycnEBZUoHZ/22GitQRVXjZlsVK0=", "owner": "nix-community", "repo": "nixvim", - "rev": "78f6166c23f80bdfbcc8c44b20f7f4132299a33f", + "rev": "bc34099731a7e3799c0d52ccdf4599409a2ef9b9", "type": "github" }, "original": { @@ -905,6 +951,38 @@ "type": "github" } }, + "pixelflasher": { + "locked": { + "lastModified": 1741302870, + "narHash": "sha256-7AywZ1b3PaqolAZ0vQmddD6Br4o0a7ucdtE0/W3rnaM=", + "owner": "cything", + "repo": "nixpkgs", + "rev": "5ef8b274bb7f939104295a22cec3382268ed73cc", + "type": "github" + }, + "original": { + "owner": "cything", + "ref": "pixelflasher", + "repo": "nixpkgs", + "type": "github" + } + }, + "pre-commit-hooks": { + "flake": false, + "locked": { + "lastModified": 1733318908, + "narHash": "sha256-SVQVsbafSM1dJ4fpgyBqLZ+Lft+jcQuMtEL3lQWx2Sk=", + "owner": "cachix", + "repo": "git-hooks.nix", + "rev": "6f4e2a2112050951a314d2733a994fbab94864c6", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "git-hooks.nix", + "type": "github" + } + }, "pre-commit-hooks-nix": { "inputs": { "flake-compat": [ @@ -959,6 +1037,7 @@ "garage": "garage", "home-manager": "home-manager", "lanzaboote": "lanzaboote", + "lix": "lix", "lix-module": "lix-module", "nil": "nil", "nix-index-database": "nix-index-database", @@ -967,6 +1046,7 @@ "nixpkgs-stable": "nixpkgs-stable_2", "nixvim": "nixvim", "nvim-github-theme": "nvim-github-theme", + "pixelflasher": "pixelflasher", "rust-overlay": "rust-overlay", "sops-nix": "sops-nix", "treefmt": "treefmt", @@ -997,11 +1077,11 @@ ] }, "locked": { - "lastModified": 1742265167, - "narHash": "sha256-RB0UEF9IXIgwuuBFC+s9H4rDyvmMZePHlBAK4vRAwf4=", + "lastModified": 1741660300, + "narHash": "sha256-0jldJ58sC5RjqwpwE+ER+RPMeX4Moz5im/evQ3SU/dU=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "87f0965f9f5b13fca9f38074eee8369dc767550d", + "rev": "ac2f556db0eb5cbba3c4f5f5989c46330f439b0b", "type": "github" }, "original": { @@ -1017,11 +1097,11 @@ ] }, "locked": { - "lastModified": 1742239755, - "narHash": "sha256-ptn8dR4Uat3UUadGYNnB7CIH9SQm8mK69D2A/twBUXQ=", + "lastModified": 1741644481, + "narHash": "sha256-E0RrMykMtEv15V3QhpsFutgoSKhL1JBhidn+iZajOyg=", "owner": "Mic92", "repo": "sops-nix", - "rev": "787afce414bcce803b605c510b60bf43c11f4b55", + "rev": "e653d71e82575a43fe9d228def8eddb73887b866", "type": "github" }, "original": { @@ -1067,11 +1147,11 @@ ] }, "locked": { - "lastModified": 1742303424, - "narHash": "sha256-2R7cGdcA2npQQcIWu2cTlU63veTzwVZe78BliIuJT00=", + "lastModified": 1739829690, + "narHash": "sha256-mL1szCeIsjh6Khn3nH2cYtwO5YXG6gBiTw1A30iGeDU=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "b3b938ab8ba2e8a0ce9ee9b30ccfa5e903ae5753", + "rev": "3d0579f5cc93436052d94b73925b48973a104204", "type": "github" }, "original": { @@ -1090,11 +1170,11 @@ ] }, "locked": { - "lastModified": 1742262692, - "narHash": "sha256-kCuy1Fld1vFmor6SZ48DdtiLv9/zUhW8lCaTA+Py+es=", + "lastModified": 1741704640, + "narHash": "sha256-FSvtxhfB0PQtFOj8PMfcgUG1QVaQzjTZvAxLiqDysKI=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "32de9a383db6b555ac92877dd8b5b986f4151de7", + "rev": "27f37976beb94100b18ab8407ff056654db68506", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index b76d3e1..7746231 100644 --- a/flake.nix +++ b/flake.nix @@ -51,6 +51,12 @@ url = "git+https://git.lix.systems/lix-project/nixos-module"; inputs.nixpkgs.follows = "nixpkgs"; inputs.flake-utils.follows = "flake-utils"; + inputs.lix.follows = "lix"; + }; + lix = { + url = "git+https://git.lix.systems/lix-project/lix"; + inputs.nixpkgs.follows = "nixpkgs"; + inputs.flake-compat.follows = "flake-compat"; }; nix-ld = { url = "github:nix-community/nix-ld"; @@ -71,6 +77,7 @@ url = "github:nix-community/nix-index-database"; inputs.nixpkgs.follows = "nixpkgs"; }; + pixelflasher.url = "github:cything/nixpkgs/pixelflasher"; attic = { url = "github:zhaofengli/attic"; inputs = { @@ -106,11 +113,11 @@ nixConfig = { extra-substituters = [ "https://nix-community.cachix.org" - "https://nixcache.cy7.sh" + "https://cache.cy7.sh/main" ]; extra-trusted-public-keys = [ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" - "nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8=" + "main:Ku31HoEWcBtfggge2VGj+QTkVrQuIwRIMGyfV/5VQP0=" ]; }; @@ -128,6 +135,7 @@ imports = [ inputs.treefmt.flakeModule ]; + debug = true; systems = [ "x86_64-linux" ]; @@ -140,14 +148,11 @@ treefmt = { projectRootFile = "flake.nix"; programs.nixfmt.enable = true; + programs.stylua.enable = true; + programs.yamlfmt.enable = true; programs.typos.enable = true; programs.shellcheck.enable = true; - programs.yamlfmt = { - enable = true; - settings.retain_line_breaks = true; - }; - settings.global.excludes = [ "secrets/*" "**/*.png" # tries to format a png file diff --git a/home/codium.nix b/home/codium.nix index 117c9e0..935866b 100644 --- a/home/codium.nix +++ b/home/codium.nix @@ -1,4 +1,4 @@ -{ pkgs, lib, ... }: +{ pkgs, ... }: { programs.vscode = { enable = true; @@ -22,13 +22,10 @@ emilast.logfilehighlighter tamasfe.even-better-toml golang.go - ms-python.python - christian-kohler.path-intellisense ]; userSettings = let vimCommonKeyBindings = [ - # nice emacs bindings { "before" = [ "C-a" ]; "commands" = [ "cursorHome" ]; @@ -37,19 +34,6 @@ "before" = [ "C-e" ]; "commands" = [ "cursorEnd" ]; } - { - "before" = [ "C-b" ]; - "commands" = [ "cursorLeft" ]; - } - { - "before" = [ "C-f" ]; - "commands" = [ "cursorRight" ]; - } - # ctrl+h to turn off search highlighting - { - "before" = [ "C-h" ]; - "commands" = [ ":nohl" ]; - } ]; in { @@ -89,7 +73,7 @@ "markdown-preview-enhanced.previewTheme" = "github-dark.css"; "nix.enableLanguageServer" = true; - "nix.serverPath" = "${lib.getExe pkgs.nil}"; + "nix.serverPath" = "nil"; "bookmarks.saveBookmarksInProject" = true; "cSpell.enabledFileTypes" = { @@ -99,15 +83,6 @@ # vim stuff "vim.leader" = ","; - "extensions.experimental.affinity" = { - "vscodevim.vim" = 1; - }; - "vim.sneak" = true; - "vim.sneakUseIgnorecaseAndSmartcase" = true; - "vim.enableNeovim" = true; - "vim.hlsearch" = true; - "vim.easymotion" = true; - "editor.lineNumbers" = "relative"; "vim.normalModeKeyBindings" = vimCommonKeyBindings ++ [ { "before" = [ ";" ]; @@ -142,13 +117,6 @@ ]; "commands" = [ "workbench.action.toggleSidebarVisibility" ]; } - { - "before" = [ - "" - "s" - ]; - "commands" = [ "workbench.action.toggleSidebarVisibility" ]; - } { "before" = [ "" @@ -222,33 +190,10 @@ "commands" = [ "editor.action.outdentLines" ]; } ]; + "extensions.experimental.affinity" = { + "vscodevim.vim" = 1; + }; }; - keybindings = [ - # repeat these vim bindings here cause otherwise they get overridden by vscode - { - "key" = "ctrl+b"; - "when" = "inputFocus"; - "command" = "cursorLeft"; - } - { - "key" = "ctrl+f"; - "when" = "inputFocus"; - "command" = "cursorRight"; - } - # clear default bindings that conflict - { - "key" = "ctrl+f"; - "command" = "-actions.find"; - } - { - "key" = "ctrl+b"; - "command" = "-workbench.action.toggleSidebarVisibility"; - } - { - "key" = "ctrl+w"; - "command" = "-workbench.action.closeActiveEditor"; - } - ]; }; }; } diff --git a/home/nixvim/default.nix b/home/nixvim/default.nix index 5199812..94895c1 100644 --- a/home/nixvim/default.nix +++ b/home/nixvim/default.nix @@ -71,6 +71,41 @@ key = ""; mode = "i"; } + # quick chat with copilot + { + key = "ccq"; + action.__raw = '' + function() + local input = vim.fn.input("Quick chat: ") + if input ~= "" then + require("CopilotChat").ask(input, { selection = require("CopilotChat.select").buffer }) + end + end + ''; + mode = [ + "n" + "v" + ]; + } + # ask perplexity a quick question + { + key = "ccs"; + action.__raw = '' + function() + local input = vim.fn.input("Perplexity: ") + if input ~= "" then + require("CopilotChat").ask(input, { + agent = "perplexityai", + selection = false, + }) + end + end + ''; + mode = [ + "n" + "v" + ]; + } ]; plugins.cmp = { @@ -163,11 +198,10 @@ }; rust_analyzer = { enable = true; - installRustc = false; - installCargo = false; + installRustc = true; + installCargo = true; }; eslint.enable = true; - yamlls.enable = true; }; }; plugins.treesitter = { @@ -199,6 +233,13 @@ settings.current_line_blame = true; }; + plugins.copilot-chat = { + enable = true; + settings = { + model = "claude-3.5-sonnet"; + }; + }; + plugins.cmp-buffer.enable = true; plugins.cmp-emoji.enable = true; plugins.cmp-nvim-lsp.enable = true; diff --git a/home/yt/chunk.nix b/home/yt/chunk.nix index 474abfc..ad024cd 100644 --- a/home/yt/chunk.nix +++ b/home/yt/chunk.nix @@ -14,4 +14,8 @@ programs.home-manager.enable = true; systemd.user.startServices = "sd-switch"; + + home.packages = with pkgs; [ + attic-server + ]; } diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index cd6baa4..3ec6aeb 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix @@ -60,6 +60,7 @@ unzip anki-bin trezorctl + trezor-agent q gdb fuzzel @@ -76,6 +77,7 @@ )) p7zip qbittorrent + nil android-tools frida-tools mitmproxy @@ -98,11 +100,9 @@ nix-output-monitor wl-clipboard-rs pixelflasher - cinny-desktop + element-desktop freetube gopls - rust-analyzer - minio-client ]; home.sessionVariables = { diff --git a/home/zsh/default.nix b/home/zsh/default.nix index e599f0d..9b5bcc6 100644 --- a/home/zsh/default.nix +++ b/home/zsh/default.nix @@ -92,7 +92,7 @@ "s" = "sudo"; "nrs" = "sudo nixos-rebuild switch -L --flake . --log-format internal-json -v |& nom --json"; "nrt" = "sudo nixos-rebuild test -L --flake . --log-format internal-json -v |& nom --json"; - "hrs" = "home-manager switch -L --flake ."; + "hrs" = "home-manager switch -L --flake . |& nom --json"; "g" = "git"; "ga" = "git add"; "gaa" = "git add --all"; diff --git a/hosts/chunk/default.nix b/hosts/chunk/default.nix index 22290c1..9a621c4 100644 --- a/hosts/chunk/default.nix +++ b/hosts/chunk/default.nix @@ -184,10 +184,16 @@ security.sudo.enable = true; security.sudo.wheelNeedsPassword = false; + programs.gnupg.agent.enable = true; programs.git.enable = true; my.caddy.enable = true; # container stuff my.containerization.enable = true; + + my.roundcube.enable = true; + my.zipline.enable = true; + my.searx.enable = true; + my.attic.enable = true; } diff --git a/hosts/chunk/garage.nix b/hosts/chunk/garage.nix index b046a4b..81b4af3 100644 --- a/hosts/chunk/garage.nix +++ b/hosts/chunk/garage.nix @@ -10,21 +10,15 @@ api_bind_addr = "[::]:3900"; root_domain = "s3.cy7.sh"; }; - s3_web = { - bind_addr = "[::]:3902"; - root_domain = ".web.cy7.sh"; - add_host_to_metrics = true; - }; admin.api_bind_addr = "[::]:3903"; rpc_bind_addr = "[::]:3901"; replication_factor = 1; db_engine = "lmdb"; disable_scrub = true; - block_size = "128M"; + block_size = "10M"; compression_level = "none"; }; environmentFile = config.sops.secrets."garage/env".path; - logLevel = "warn"; }; services.caddy.virtualHosts = { @@ -39,12 +33,5 @@ import common reverse_proxy localhost:3903 ''; - "*.web.cy7.sh" = { - serverAliases = [ "nixcache.cy7.sh" ]; - extraConfig = '' - import common - reverse_proxy localhost:3902 - ''; - }; }; } diff --git a/hosts/chunk/immich.nix b/hosts/chunk/immich.nix index 7dc7824..6541770 100644 --- a/hosts/chunk/immich.nix +++ b/hosts/chunk/immich.nix @@ -6,10 +6,9 @@ }: let uploadLocation = "/mnt/photos/immich"; - # thumbsLocation = "/opt/immich/thumbs"; + thumbsLocation = "/opt/immich/thumbs"; profileLocation = "/opt/immich/profile"; dbDataLocation = "/opt/immich/postgres"; - backupsLocation = "/opt/immich/backups"; in { virtualisation.oci-containers.containers = { @@ -20,9 +19,8 @@ in pull = "newer"; volumes = [ "${uploadLocation}:/usr/src/app/upload" - # "${thumbsLocation}:/usr/src/app/upload/thumbs" + "${thumbsLocation}:/usr/src/app/upload/thumbs" "${profileLocation}:/usr/src/app/upload/profile" - "${backupsLocation}:/usr/src/app/upload/backups" ]; environment = { REDIS_HOSTNAME = "immich-redis"; diff --git a/hosts/chunk/rclone.nix b/hosts/chunk/rclone.nix index c592fbb..60d4e0e 100644 --- a/hosts/chunk/rclone.nix +++ b/hosts/chunk/rclone.nix @@ -4,33 +4,6 @@ lib, ... }: -let - mkServiceConfig = remote: mount: { - Type = "notify"; - TimeoutSec = "5min 20s"; - ExecStartPre = "/usr/bin/env mkdir -p ${mount}"; - ExecStart = '' - ${lib.getExe pkgs.rclone} mount \ - --config ${config.sops.secrets."rclone/config".path} \ - --allow-other \ - --cache-dir /var/cache/rclone \ - --transfers 32 \ - --vfs-cache-mode full \ - --vfs-cache-min-free-space 5G \ - --dir-cache-time 30d \ - --no-checksum \ - --no-modtime \ - --vfs-fast-fingerprint \ - --vfs-read-chunk-size 16M \ - --vfs-read-chunk-streams 16 \ - --sftp-concurrency 64 \ - --sftp-chunk-size 255k \ - --buffer-size 0 \ - ${remote} ${mount} - ''; - ExecStop = "${lib.getExe' pkgs.fuse "fusermount"} -zu ${mount}"; - }; -in { systemd.services.immich-mount = { enable = true; @@ -39,7 +12,21 @@ in after = [ "network-online.target" ]; requiredBy = [ "podman-immich-server.service" ]; before = [ "podman-immich-server.service" ]; - serviceConfig = mkServiceConfig "photos:" "/mnt/photos"; + serviceConfig = { + Type = "notify"; + ExecStartPre = "/usr/bin/env mkdir -p /mnt/photos"; + ExecStart = '' + ${lib.getExe pkgs.rclone} mount \ + --config ${config.sops.secrets."rclone/config".path} \ + --cache-dir /var/cache/rclone \ + --transfers=32 \ + --dir-cache-time 30d \ + --vfs-cache-mode writes \ + --vfs-cache-max-size 2G \ + photos: /mnt/photos + ''; + ExecStop = "${lib.getExe' pkgs.fuse "fusermount"} -u /mnt/photos"; + }; }; systemd.services.garage-mount = { @@ -49,6 +36,26 @@ in after = [ "network-online.target" ]; requiredBy = [ "garage.service" ]; before = [ "garage.service" ]; - serviceConfig = mkServiceConfig "rsyncnet:garage" "/mnt/garage"; + serviceConfig = { + Type = "notify"; + ExecStartPre = "/usr/bin/env mkdir -p /mnt/garage"; + ExecStart = '' + ${lib.getExe pkgs.rclone} mount \ + --config ${config.sops.secrets."rclone/config".path} \ + --allow-other \ + --cache-dir /var/cache/rclone \ + --transfers=32 \ + --vfs-cache-mode full \ + --vfs-cache-min-free-space 5G \ + --dir-cache-time 30d \ + --no-checksum \ + --no-modtime \ + --vfs-fast-fingerprint \ + --vfs-read-chunk-size 10M \ + --vfs-read-chunk-streams 32 \ + rsyncnet:garage /mnt/garage + ''; + ExecStop = "${lib.getExe' pkgs.fuse "fusermount"} -u /mnt/garage"; + }; }; } diff --git a/hosts/common.nix b/hosts/common.nix index 77e0edb..c7841c3 100644 --- a/hosts/common.nix +++ b/hosts/common.nix @@ -1,4 +1,4 @@ -{ inputs, config, ... }: +{ inputs, ... }: { nix = { settings = { @@ -9,16 +9,13 @@ "root" "@wheel" ]; - extra-trusted-public-keys = [ + trusted-public-keys = [ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" - "nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8=" + "main:Ku31HoEWcBtfggge2VGj+QTkVrQuIwRIMGyfV/5VQP0=" ]; - extra-substituters = [ + trusted-substituters = [ "https://nix-community.cachix.org" - "https://nixcache.cy7.sh" - ]; - secret-key-files = [ - config.sops.secrets.cache-priv-key.path + "https://cache.cy7.sh/main" ]; }; channel.enable = false; @@ -77,11 +74,4 @@ services.thermald.enable = true; environment.enableAllTerminfo = true; - - sops.secrets.cache-priv-key = { - format = "binary"; - sopsFile = ../secrets/cache-priv-key.pem; - mode = "0440"; - group = "users"; - }; } diff --git a/hosts/ytnix/default.nix b/hosts/ytnix/default.nix index eba3509..b57887e 100644 --- a/hosts/ytnix/default.nix +++ b/hosts/ytnix/default.nix @@ -94,10 +94,8 @@ # 3003 # immich-ml # ]; }; - hosts = { - "100.122.132.30" = [ "s3.cy7.sh" ]; - }; }; + programs.nm-applet.enable = true; security.rtkit.enable = true; services.pipewire = { diff --git a/justfile b/justfile index 9f6236c..68b7e5c 100644 --- a/justfile +++ b/justfile @@ -1,7 +1,9 @@ update: git branch -D update || true git switch -c update - nix flake update --commit-lock-file + nix flake update + git add flake.lock + git commit -s -m "flake update" git push -f git switch main diff --git a/modules/attic.nix b/modules/attic.nix index e546a9e..5aa54c6 100644 --- a/modules/attic.nix +++ b/modules/attic.nix @@ -18,10 +18,7 @@ in settings = { listen = "[::]:8091"; api-endpoint = "https://cache.cy7.sh/"; - allowed-hosts = [ - "cache.cy7.sh" - "cdn.cy7.sh" - ]; + allowed-hosts = [ "cache.cy7.sh" ]; require-proof-of-possession = false; compression = { type = "none"; @@ -33,40 +30,18 @@ in type = "s3"; region = "us-east-1"; bucket = "attic"; - # attic must be patched to never serve pre-signed s3 urls directly - # otherwise it will redirect clients to this localhost endpoint - endpoint = "http://127.0.0.1:3900"; + endpoint = "https://s3.cy7.sh"; }; garbage-collection = { default-retention-period = "1 month"; }; - - chunking = { - # disable chunking since garage does its own - nar-size-threshold = 0; - # defaults - min-size = 16384; - avg-size = 65536; - max-size = 262144; - }; }; }; - systemd.services.atticd = { - requires = [ "garage.service" ]; - after = [ "garage.service" ]; - environment = { - RUST_LOG = "INFO"; - }; - }; - - services.caddy.virtualHosts."cache.cy7.sh" = { - serverAliases = [ "cdn.cy7.sh" ]; - extraConfig = '' - import common - reverse_proxy localhost:8091 - ''; - }; + services.caddy.virtualHosts."cache.cy7.sh".extraConfig = '' + import common + reverse_proxy localhost:8091 + ''; }; } diff --git a/modules/caddy.nix b/modules/caddy.nix index 3e6ca63..6b46cb5 100644 --- a/modules/caddy.nix +++ b/modules/caddy.nix @@ -19,9 +19,9 @@ in plugins = [ # error message will tell you the correct version tag to use # (still need the @ to pass nix config check) - "github.com/caddy-dns/cloudflare@v0.0.0-20250228175314-1fb64108d4de" + "github.com/caddy-dns/cloudflare@v0.0.0-20240703190432-89f16b99c18e" ]; - hash = "sha256-YYpsf8HMONR1teMiSymo2y+HrKoxuJMKIea5/NEykGc="; + hash = "sha256-jCcSzenewQiW897GFHF9WAcVkGaS/oUu63crJu7AyyQ="; }; logFormat = lib.mkForce "level INFO"; acmeCA = "https://acme-v02.api.letsencrypt.org/directory"; diff --git a/overlay/attic/default.nix b/overlay/attic/default.nix index 454d367..14f5daf 100644 --- a/overlay/attic/default.nix +++ b/overlay/attic/default.nix @@ -1,7 +1,7 @@ final: prev: { attic-server = prev.attic-server.overrideAttrs { patches = [ - ./prefetch-8-chunks.patch + ./prefetch-32-chunks.patch ]; }; } diff --git a/overlay/attic/prefetch-32-chunks.patch b/overlay/attic/prefetch-32-chunks.patch new file mode 100644 index 0000000..bbb801b --- /dev/null +++ b/overlay/attic/prefetch-32-chunks.patch @@ -0,0 +1,13 @@ +diff --git a/server/src/api/binary_cache.rs b/server/src/api/binary_cache.rs +index 02e4857..71eeee8 100644 +--- a/server/src/api/binary_cache.rs ++++ b/server/src/api/binary_cache.rs +@@ -262,7 +262,7 @@ async fn get_nar( + + // TODO: Make num_prefetch configurable + // The ideal size depends on the average chunk size +- let merged = merge_chunks(chunks, streamer, storage, 2).map_err(|e| { ++ let merged = merge_chunks(chunks, streamer, storage, 32).map_err(|e| { + tracing::error!(%e, "Stream error"); + e + }); diff --git a/overlay/attic/prefetch-8-chunks.patch b/overlay/attic/prefetch-8-chunks.patch deleted file mode 100644 index 3d6134f..0000000 --- a/overlay/attic/prefetch-8-chunks.patch +++ /dev/null @@ -1,14 +0,0 @@ -diff --git a/server/src/api/binary_cache.rs b/server/src/api/binary_cache.rs -index 02e4857..b522154 100644 ---- a/server/src/api/binary_cache.rs -+++ b/server/src/api/binary_cache.rs -@@ -215,7 +215,7 @@ async fn get_nar( - let chunk = chunks[0].as_ref().unwrap(); - let remote_file = &chunk.remote_file.0; - let storage = state.storage().await?; -- match storage.download_file_db(remote_file, false).await? { -+ match storage.download_file_db(remote_file, true).await? { - Download::Url(url) => Ok(Redirect::temporary(&url).into_response()), - Download::AsyncRead(stream) => { - let stream = ReaderStream::new(stream).map_err(|e| { - diff --git a/overlay/default.nix b/overlay/default.nix index f4a7353..0eea626 100644 --- a/overlay/default.nix +++ b/overlay/default.nix @@ -15,7 +15,8 @@ in pkgFrom = flake: pkg: flake.packages.${prev.system}.${pkg}; in { - conduwuit = pkgFrom inputs.conduwuit "default"; + conduwuit = pkgFrom inputs.conduwuit "static-x86_64-linux-musl-all-features-x86_64-haswell-optimised"; + pixelflasher = nixpkgsFrom inputs.pixelflasher "pixelflasher"; attic-server = pkgFrom inputs.attic "attic-server"; attic = pkgFrom inputs.attic "attic"; garage = ( diff --git a/secrets/cache-priv-key.pem b/secrets/cache-priv-key.pem deleted file mode 100644 index c9bd80e..0000000 --- a/secrets/cache-priv-key.pem +++ /dev/null @@ -1,28 +0,0 @@ -{ - "data": "ENC[AES256_GCM,data:IVRg3IqrlV1Cy3xwyVszhUnRzbWP3OSb/XZF1H0N30eKL8d0DxFGngC5qMgRcmSs203/QL3w0fENp1u0f8tVajqJVlzLjlsiQrMdtXmiMv0LKO7E+aj4UZ0wMchB0XgSVUWrKUXxZrA=,iv:3GtA07yuAAI++RsLSwY3U62k1iG9+hvkGn45HjFt/Gk=,tag:PJ13CrjcE06KMC383txqHw==,type:str]", - "sops": { - "kms": null, - "gcp_kms": null, - "azure_kv": null, - "hc_vault": null, - "age": [ - { - "recipient": "age1sy0at69err83qyml2vqu8xvwjccfws447aaadfvacj2qluw3p45s2mtrw8", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLcGd1alJmNWM3dVBmSWxs\nRHBTOVV6U3p1U3Q3bzQ3OXYrWVhNVTlxTGxvClllbFMwc3dFZW56a0d6eUhVZ2Na\nMUVJc29CNHVMcHRLaXBlRnRLZ2pNb0UKLS0tIFRERnRBZGVFRk9sYmpzVjlpdmN1\ndjUyVmRZMFlFTm4zSnZWV09WbTNoMWMKM35a6GkCZIKscqgADrbIa48T8++wkhLP\nOFr03bv6D0Hj38VLWx+kh9kmja8BaxmdSUTeAhdORwbQumJBAqjsOw==\n-----END AGE ENCRYPTED FILE-----\n" - }, - { - "recipient": "age10h6pg5qdpc4t0rpmksfv788a57f04n83zgqaezkjjn65nkhv547s0vxfdn", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHbEh0YkFlL3dPL1FmcE9m\nbjl0dHhQZlpBREMwYzQ0NEpQQ3RZVlNsM1Q4CmYwS0VDNjFaOXhOS3JkVUtaTEJZ\nSVNyZ1lXbEhCbE5XdGxCRWhsNVR1N0EKLS0tICt2Um9wQ0pyUVpnd1dVemM4NmpU\nTHE1bi9OcmsweDZyNVpVVUlITmt3c28KdX6fO1C7Ma66AAv/RCI5z8p/7fSvKWQ7\nCL86Nl4Xzb5WWxkteO4wOoHh4y0+9dpEAbS/XP78PkC07uRttcS7pQ==\n-----END AGE ENCRYPTED FILE-----\n" - }, - { - "recipient": "age1eg6sxflw6l44fp20sl068sampwd95fm0mnh4ssegrhtktgm50ptqcuspyn", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCRmNheTZrUWplWFZJcm53\nbC94UHdYbXdsSFB0Nk92Q29RdGMxbUxVeEhjCkZqVk13bEFvNFFLZllTN0NUeFpj\nRkhlYXl5STJrbVQzeWg3YzlQZ1ZlZncKLS0tIGhjUytJa2FXa0VVTFlMN2ZpTjF0\ncG9ZTG0zL2dNekV0NkFZWWVrcFpPU3cK/Kia/sHk5T9nlbDg2G52uQcJUoPrnu3y\n6ARJKoz0MnV4csjS6IZCFSb7Vy5DSH+at3khEw3x00eGae1Jd89vwQ==\n-----END AGE ENCRYPTED FILE-----\n" - } - ], - "lastmodified": "2025-03-27T20:37:28Z", - "mac": "ENC[AES256_GCM,data:35iUoodcjvIn+VAE20f2sHFaTh3+aqCYQ4HalWdVz4eUSkVNcdXs2uqOZtFv3MszDiH9izM84OyHwykudJ99QE3B/NwpfIoKQaU6Qg5X/g/rC1meffMaZwcASVbepjznahbTKmJqeSrMeybrBIV+6FaSjWXn0+D72GEEM1vgH9c=,iv:N2CbttHJsczm37qdapOCrlNeSSgsZBDlvWyvUpa3mkk=,tag:btniVwaVS9h4jDo4IM2wcA==,type:str]", - "pgp": null, - "unencrypted_suffix": "_unencrypted", - "version": "3.9.4" - } -} \ No newline at end of file